
Commit fa493ef

author
MarcoFalke
committed
ci: Make ci system read-only on the git work tree
1 parent fab1333 commit fa493ef


2 files changed

+13
-2
lines changed


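--- a/ci/test/00_setup_env.sh
+++ b/ci/test/00_setup_env.sh
@@ -41,7 +41,7 @@ export BASE_BUILD_DIR=${BASE_BUILD_DIR:-$BASE_ROOT_DIR}
 export BASE_OUTDIR=${BASE_OUTDIR:-$BASE_BUILD_DIR/out/$HOST}
 export SDK_URL=${SDK_URL:-https://bitcoincore.org/depends-sources/sdks}
 export WINEDEBUG=${WINEDEBUG:-fixme-all}
-export DOCKER_PACKAGES=${DOCKER_PACKAGES:-build-essential libtool autotools-dev automake pkg-config bsdmainutils curl ca-certificates ccache python3 git}
+export DOCKER_PACKAGES=${DOCKER_PACKAGES:-build-essential libtool autotools-dev automake pkg-config bsdmainutils curl ca-certificates ccache python3 rsync git}
 export GOAL=${GOAL:-install}
 export DIR_QA_ASSETS=${DIR_QA_ASSETS:-${BASE_BUILD_DIR}/qa-assets}
 export PATH=${BASE_ROOT_DIR}/ci/retry:$PATH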

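--- a/ci/test/04_install.sh
+++ b/ci/test/04_install.sh
@@ -50,7 +50,13 @@ if [ -z "$RUN_CI_ON_HOST" ]; then
 echo "Creating $DOCKER_NAME_TAG container to run in"
 ${CI_RETRY_EXE} docker pull "$DOCKER_NAME_TAG"
 
-DOCKER_ID=$(docker run $DOCKER_ADMIN -idt --mount type=bind,src=$BASE_BUILD_DIR,dst=$BASE_BUILD_DIR --mount type=bind,src=$CCACHE_DIR,dst=$CCACHE_DIR -w $BASE_BUILD_DIR --env-file /tmp/env $DOCKER_NAME_TAG)
+DOCKER_ID=$(docker run $DOCKER_ADMIN -idt \
+--mount type=bind,src=$BASE_BUILD_DIR,dst=/ro_base,readonly \
+--mount type=bind,src=$CCACHE_DIR,dst=$CCACHE_DIR \
+--mount type=bind,src=$BASE_BUILD_DIR/depends,dst=$BASE_BUILD_DIR/depends \
+-w $BASE_BUILD_DIR \
+--env-file /tmp/env \
+$DOCKER_NAME_TAG)
 
 DOCKER_EXEC () {
 docker exec $DOCKER_ID bash -c "export PATH=$BASE_SCRATCH_DIR/bins/:\$PATH && cd $PWD && $*"
@@ -86,6 +92,11 @@ export DIR_FUZZ_IN=${DIR_QA_ASSETS}/fuzz_seed_corpus/
 
 DOCKER_EXEC mkdir -p "${BASE_BUILD_DIR}/sanitizer-output/"
 
+if [ -z "$RUN_CI_ON_HOST" ]; then
+echo "Create $BASE_BUILD_DIR"
+DOCKER_EXEC rsync -a /ro_base/ $BASE_BUILD_DIR
+fi
+
 if [ "$USE_BUSY_BOX" = "true" ]; then
 echo "Setup to use BusyBox utils"
 DOCKER_EXEC mkdir -p $BASE_SCRATCH_DIR/bins/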
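Review bot: The read-write bind mount `src=$BASE_BUILD_DIR/depends,dst=$BASE_BUILD_DIR/depends` in the new `docker run` leaves part of the host tree writable from inside the container, so the read-only guarantee in the commit title does not cover `depends/`. Because `BASE_BUILD_DIR` defaults to `BASE_ROOT_DIR` (00_setup_env.sh), that directory is presumably inside the git work tree, and a build step running in the container could change files there that later runs on the same host pick up. If the mount exists only to persist built dependencies between runs, a comment above it should say so, e.g. `# depends/ stays read-write so built packages persist; everything else is copied from /ro_base`, and narrowing it to the output subdirectories would be the stricter option. Separately, `$BASE_BUILD_DIR` and `$CCACHE_DIR` are unquoted in the `--mount` arguments and in `rsync -a /ro_base/ $BASE_BUILD_DIR`, so a path containing whitespace would be split; quoting them (`"$BASE_BUILD_DIR"`) costs nothing.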
